Search: OpensuseFactory

10 matches found

CVE-2021-41819
added 2022/01/01 12:00 a.m., 493 views

CVE-2021-41819 affects Ruby's CGI::Cookie.parse: Ruby through 2.6.8 (and the CGI gem through 0.3.0) mishandles the __Secure- and __Host- security prefixes in cookie names, enabling cookie-prefix spoofing (a cookie the browser never subjected to the prefix rules can be read by the server as if it had the prefix). Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...

CVSS 7.5 | AI score 7.5 | EPSS 0.02931

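The bug class behind this entry, as an added example written here in Python: it is not Ruby's CGI::Cookie code and does not reproduce its exact parser. The Ruby fix was to stop URL-decoding cookie names, and the example shows why that matters: a browser enforces the __Host- rules (Secure, no Domain, Path=/) only on the literal cookie name, so a server that decodes names before checking the prefix can be handed a forged "prefixed" cookie. The Cookie header, the function names and the "sid" cookie are all constructed for the example.

```python
# Added example (not Ruby's CGI::Cookie implementation): why percent-decoding a
# cookie NAME before trusting its security prefix defeats __Host-/__Secure-.
from urllib.parse import unquote


def parse_cookie_header(header: str, decode_names: bool) -> list:
    """Split a Cookie request header into [(name, value), ...].

    decode_names=True mirrors the flawed behaviour: the name is percent-decoded,
    so the literal name '__Host%2Dsid' becomes '__Host-sid'.
    decode_names=False is the hardened behaviour: the name is kept verbatim,
    exactly as the browser enforced it; only the value is decoded.
    """
    pairs = []
    for item in header.split(";"):
        item = item.strip()
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        if decode_names:
            name = unquote(name)
        pairs.append((name, unquote(value)))
    return pairs


def is_host_prefixed(name: str) -> bool:
    """Server-side trust decision. A browser only stores a cookie literally
    named __Host-... if it was set over HTTPS with no Domain attribute and
    Path=/, so a sibling subdomain or a plain-HTTP origin cannot plant one.
    That guarantee holds only for the name the browser saw, not a decoded form."""
    return name.startswith("__Host-")


def trusted_session_ids(header: str, decode_names: bool) -> list:
    """Return the values of every cookie the server would treat as __Host-."""
    return [value for name, value in parse_cookie_header(header, decode_names)
            if is_host_prefixed(name)]


# Constructed request header: the genuine __Host-sid, followed by a cookie whose
# literal name is '__Host%2Dsid'. The browser applies no prefix rules to that
# name, so it could have been set by a sibling subdomain over HTTP.
HEADER = "__Host-sid=real; __Host%2Dsid=forged"

if __name__ == "__main__":
    print("decoding names:", trusted_session_ids(HEADER, decode_names=True))   # ['real', 'forged']
    print("verbatim names:", trusted_session_ids(HEADER, decode_names=False))  # ['real']
```

The check to carry away: whatever cookie library you use, confirm that the name it hands you is byte-for-byte what the client sent before you rely on a __Host- or __Secure- prefix as evidence of origin.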
CVE-2021-41817
added 2022/01/01 12:00 a.m., 441 views

CVE-2021-41817 is a regular-expression denial of service (ReDoS) in Ruby's date parsing. It affects the Date gem bundled with Ruby (Date.parse and the related parsing methods) up to version 3.2.0: a crafted date string drives the parsing regexes into catastrophic backtracking, so an attacker who controls a parsed string can exhaust CPU. The fix bounds the length of input the parsing methods accept (a `limit:` keyword, 128 characters by default). The fixed releases cited in the sources are 3.2.1, 3.1.2, 3.0.2, and 2.0....

CVSS 7.5 | AI score 7.4 | EPSS 0.03222

CVE-2021-4166
added 2021/12/25 6:15 p.m., 247 views

CVE-2021-4166 is an out-of-bounds read in Vim's buffer handling. Public references in the connected documents confirm the issue, with remediation guidance tied to Vim updates. Ubuntu's USN-6026-1 (mirrored by the Cloud Foundry advisory) and related AWS/Linux bulletins indicate Vim fixe...

CVSS 7.1 | AI score 8.1 | EPSS 0.01586

CVE-2021-45082
added 2022/02/18 11:23 p.m., 204 views

CVE-2021-45082 affects Cobbler before 3.3.1. In templar.py, the function check_for_invalid_imports is meant to stop Cheetah templates from importing Python modules, but it only blocks lines containing "#import"; a template can still use the "#from MODULE import" directive, which the filter never looks for. This could enable unintended module ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00495

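The filter-bypass pattern described above, as an added example that is not Cobbler's templar.py: a naive directive filter that looks only for "#import" beside one that also catches "#from ... import". The template text, the function names and the exception type are constructed for the example; Cheetah's real directive grammar is broader than the two directives shown.

```python
# Added example (not Cobbler's templar.py): a template-import filter that only
# looks for '#import' versus one that also catches '#from ... import'.
import re

# Cheetah directives start with '#'. Both of these import Python modules:
#   #import os
#   #from subprocess import check_output
IMPORT_DIRECTIVE = re.compile(r"#(?:import|from)\b")


def flagged_lines_naive(template: str) -> list:
    """Flawed filter: only lines containing '#import' are flagged."""
    return [line for line in template.splitlines() if "#import" in line]


def flagged_lines_hardened(template: str) -> list:
    """Hardened filter: any '#import' or '#from' directive is flagged,
    wherever it sits on the line."""
    return [line for line in template.splitlines()
            if IMPORT_DIRECTIVE.search(line)]


def check_for_invalid_imports(template: str) -> None:
    """Reject the template before it reaches the Cheetah compiler."""
    bad = flagged_lines_hardened(template)
    if bad:
        raise ValueError("potentially insecure import in template: %r" % bad[0])


# Constructed template: one import the naive filter blocks and two '#from'
# imports that slip past it (one of them indented).
TEMPLATE = """\
#set $hostname = "node1"
#import os
#from subprocess import check_output
    #from os import system
${hostname}
"""

if __name__ == "__main__":
    print("naive:   ", flagged_lines_naive(TEMPLATE))
    print("hardened:", flagged_lines_hardened(TEMPLATE))
```

Matching directive names is still a blocklist; it closes the gap the CVE describes, but a template engine that executes Python is only as safe as the set of people allowed to write templates, so treat template authorship as a privileged operation regardless of the filter.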
CVE-2021-46141
added 2022/01/06 3:48 a.m., 139 views

CVE-2021-46141 affects uriparser before 0.9.6: invalid free operations in uriFreeUriMembers and uriMakeOwner. Multiple advisories (Debian, Fedora, ALAS) note potential denial of service or arbitrary code execution, mitigated by upgrading to 0.9.6 or later; some advisories specify version updates (e....

CVSS 5.5 | AI score 5.2 | EPSS 0.01131

CVE-2021-46142
added 2022/01/06 3:48 a.m., 135 views

CVE-2021-46142 concerns uriparser before 0.9.6, which performs invalid free operations in uriNormalizeSyntax. Connected advisories confirm this affects uriparser across multiple distributions and versions, with fixes provided in version 0.9.6 and later. Impact noted in Debian advisories includes potenti...

CVSS 5.5 | AI score 5.2 | EPSS 0.01095

CVE-2022-31256
added 2022/10/26 8:55 a.m., 82 views

CVE-2022-31256 is a local privilege escalation in the openSUSE Factory sendmail packaging. Affected component: a script invoked by the sendmail systemd service. Root cause: improper link resolution before file access ("link following") in that script lets a local attacker escal...

CVSS 7.8 | AI score 7.4 | EPSS 0.00231

CVE-2021-25319
added 2021/05/05 8:25 a.m., 78 views

CVE-2021-25319 describes an Incorrect Default Permissions vulnerability in the openSUSE Factory packaging of Oracle VM VirtualBox (virtualbox). Affected product: openSUSE Factory virtualbox, version 6.1.20-1.1 and earlier. Root cause: overly permissive default permissions set by the packaging, enabli...

CVSS 7.8 | AI score 7.7 | EPSS 0.00255

CVE-2022-31251
added 2022/09/07 8:55 a.m., 71 views

CVE-2022-31251 affects the openSUSE Factory Slurm packaging: an Incorrect Default Permissions vulnerability in the packaging of the Slurm testsuite allows a local attacker who controls the slurm user to escalate to root. The issue specifically impacts openSUSE Factory Slurm versions before 22.05...

CVSS 6.5 | AI score 7.1 | EPSS 0.00201

CVE-2021-36781
added 2022/01/14 10:40 a.m., 50 views

CVE-2021-36781 affects the openSUSE Factory parsec package (versions prior to 0.8.1-1.1). The root cause is incorrect default permissions in the packaging, which let a local attacker impersonate the parsec service, causing denial of service or making clients talk to an imposter service. Public documents cite instance details such a...

CVSS 5.9 | AI score 4.9 | EPSS 0.00207